What is claimed is: 



1. A system for providing an analysis of use in managing risk, 
the system comprising: 

a) a knowledge base, for maintaining generic risk records, a 
generic risk record including a plurality of different 
fields ; 

b) a data store of profiles , for maintaining profile risk 
records associated with a particular profile, a profile 
risk record including the same plurality of fields as a 
generic risk record, the profile risk records for use in 
providing a risk assessment in the associated profile; 

c) a risk processor, for updating generic risk records based 
on profile risk records in the data store of profiles ; 

whereby the knowledge base includes generic risk records with 
field values that can be refined over time so as to be useful in 
providing a more accurate risk assessment in any particular 
profile . 

2. The system of claim 1, wherein some of the risk record fields 
are measuring fields input by the user, and some are calculated 
fields calculated by the system, and the system allows different 
modes of analysis in which the fields that are the measuring 
fields differ. 

3. The system of claim 2, wherein the modes of analysis include: 
a) a residual assessment mode, in which a user selects 

inherent values of likelihood and consequence for a risk, 
and a value, for each control for the risk, for 
effectiveness in either preventing the risk or reducing the 
consequence of the risk, and the system then calculates 
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7 residual levels of likelihood, consequence and risk rating 

8 for the risk; 

9 b) an inherent assessment mode, in which a user selects 
residual values of likelihood and consequence for a risk, 

11 and a value, for each control for the risk, for 

12 effectiveness in either preventing the risk or in reducing 

13 the consequence of the risk, and the system then calculates 

14 the inherent levels of likelihood, consequence and risk 

15 rating for the risk; and 

16 c ) a controls self -assessment mode, in which a user selects 

17 inherent values of likelihood and consequence for a risk, 
18i 5 as wel1 as residual values of likelihood and consequence 
19Q for the risk, and the system then calculates the 

20 p"; effectiveness of predetermined controls needed to either 

21 tn prevent the risk or to reduce the consequence of the risk. 

1„ 4. The system of claim 1, wherein the system can be used in 

2 S different modes of use, and further wherein only some fields are 

3 ly required to be used in the risk management analysis, the fields 
tnat ar e required depending on the mode of use. 

1 5. The system of claim 4, wherein both a generic risk record and 

2 a profile risk record comprise: 

3 a) a risk component, for indicating a risk, for indicating an 

4 inherent risk rating, and also for indicating a residual 

5 risk rating; 

6 b) a cause component, for indicating the cause of the risk; 

7 c) a consequence component, for indicating a particular 

8 consequence of the risk and the inherent and residual cost 

9 of the particular consequence; and 
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10 d) a control component, for indicating a control, for 

11 indicating whether the control is corrective or preventive, 

12 and for indicating the effectiveness of the control. 

1 6. The system of claim 5, wherein in one mode of use the 

2 inherent risk impact cost is aggregated over the inherent cost of 

3 each consequence of the risk. 

1 7. The system of claim 5, wherein in one mode of use the 

2 residual likelihood is an aggregate calculation based on the 

3 effectiveness of each preventive control acting on the inherent 
4r=5 1 ike 1 ihood . 

l s j 8. The system of claim 5, wherein in one mode of use the 

2™r residual risk impact cost is aggregated over the residual cost of 

3y each consequence of the risk. 

lrg 9- The system of claim 1, further comprising a scripting 

2j^ facility for enabling a user to create a script directing how a 

3U risk management process is to be performed, the script indicating 

4:^ steps that can be used in performing risk analysis in any 

5 profile. 
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